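---
# Graylog Lookup Table Management via REST API
# Creates Data Adapters, Caches, and Lookup Tables for GeoIP
#
# Variables read by these tasks:
#   graylog_api_url   - base URL of the Graylog REST API
#   graylog_api_token - Graylog access token, sent as the HTTP Basic username
#                       with the literal password "token"
#
# Security notes:
#   - The token travels in an Authorization header on every request, so
#     graylog_api_url should be an https:// endpoint and certificate
#     validation (on by default in ansible.builtin.uri) should stay enabled.
#   - Every uri task sets `no_log: true`. The token is passed as `user`, which
#     Ansible does not mask the way it masks `password`, so without no_log it
#     can show up in verbose output and logged module arguments. The cost is
#     that task results are censored on failure; lift no_log only temporarily
#     when debugging.
#   - Keep graylog_api_token in Ansible Vault or another secret store rather
#     than in plain-text inventory.

# =============================================================================
# Data Adapters
# =============================================================================

- name: get existing data adapters
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/adapters"
    method: GET
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Accept: application/json
    status_code: 200
  register: existing_adapters
  no_log: true
  tags: [graylog-config, lookup-tables]

# An absent `data_adapters` key is treated as "no adapters yet".
- name: build list of existing adapter names
  ansible.builtin.set_fact:
    existing_adapter_names: "{{ existing_adapters.json.data_adapters | default([]) | map(attribute='name') | list }}"
  tags: [graylog-config, lookup-tables]

# Skipped when an adapter with this name already exists, which keeps
# repeated runs from posting a duplicate.
- name: create GeoIP data adapter
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/adapters"
    method: POST
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Content-Type: application/json
    body_format: json
    body:
      name: "geoip-adapter"
      title: "GeoIP MaxMind Adapter"
      description: "MaxMind GeoLite2-City database adapter"
      config:
        type: "maxmind_geoip"
        path: "/usr/share/graylog/geoip/GeoLite2-City.mmdb"
        database_type: "MAXMIND_CITY"
        # 86400 seconds = one day
        check_interval: 86400
        check_interval_unit: "SECONDS"
    status_code: [200, 201]
  when: "'geoip-adapter' not in existing_adapter_names"
  register: created_adapter
  no_log: true
  tags: [graylog-config, lookup-tables]

# =============================================================================
# Caches
# =============================================================================

- name: get existing caches
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/caches"
    method: GET
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Accept: application/json
    status_code: 200
  register: existing_caches
  no_log: true
  tags: [graylog-config, lookup-tables]

# An absent `caches` key is treated as "no caches yet".
- name: build list of existing cache names
  ansible.builtin.set_fact:
    existing_cache_names: "{{ existing_caches.json.caches | default([]) | map(attribute='name') | list }}"
  tags: [graylog-config, lookup-tables]

# Skipped when a cache with this name already exists.
- name: create GeoIP cache
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/caches"
    method: POST
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Content-Type: application/json
    body_format: json
    body:
      name: "geoip-cache"
      title: "GeoIP Cache"
      description: "Cache for GeoIP lookups"
      config:
        type: "guava_cache"
        max_size: 10000
        expire_after_access: 3600
        expire_after_access_unit: "SECONDS"
        expire_after_write: 0
        expire_after_write_unit: "SECONDS"
    status_code: [200, 201]
  when: "'geoip-cache' not in existing_cache_names"
  register: created_cache
  no_log: true
  tags: [graylog-config, lookup-tables]

# =============================================================================
# Lookup Tables
# =============================================================================

# The adapter and cache lists are fetched again so that objects created by
# the tasks above are included, with their ids, in the maps built below.
- name: refresh adapters list
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/adapters"
    method: GET
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Accept: application/json
    status_code: 200
  register: all_adapters
  no_log: true
  tags: [graylog-config, lookup-tables]

- name: refresh caches list
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/caches"
    method: GET
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Accept: application/json
    status_code: 200
  register: all_caches
  no_log: true
  tags: [graylog-config, lookup-tables]

# name -> id maps, used to reference the adapter and cache by id when the
# lookup table is created.
- name: build adapter and cache ID maps
  ansible.builtin.set_fact:
    adapter_id_map: "{{ all_adapters.json.data_adapters | default([]) | items2dict(key_name='name', value_name='id') }}"
    cache_id_map: "{{ all_caches.json.caches | default([]) | items2dict(key_name='name', value_name='id') }}"
  tags: [graylog-config, lookup-tables]

- name: get existing lookup tables
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/tables"
    method: GET
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Accept: application/json
    status_code: 200
  register: existing_tables
  no_log: true
  tags: [graylog-config, lookup-tables]

# An absent `lookup_tables` key is treated as "no tables yet".
- name: build list of existing table names
  ansible.builtin.set_fact:
    existing_table_names: "{{ existing_tables.json.lookup_tables | default([]) | map(attribute='name') | list }}"
  tags: [graylog-config, lookup-tables]

# Runs only when the table does not exist yet AND both the adapter and the
# cache are present in the id maps. If either is missing the task is skipped
# rather than failed, so a skipped result here is worth checking.
- name: create GeoIP lookup table
  ansible.builtin.uri:
    url: "{{ graylog_api_url }}/system/lookup/tables"
    method: POST
    user: "{{ graylog_api_token }}"
    password: token
    force_basic_auth: true
    headers:
      X-Requested-By: ansible
      Content-Type: application/json
    body_format: json
    body:
      name: "geoip-lookup"
      title: "GeoIP Lookup Table"
      description: "Lookup table for GeoIP resolution"
      cache_id: "{{ cache_id_map['geoip-cache'] }}"
      data_adapter_id: "{{ adapter_id_map['geoip-adapter'] }}"
      default_single_value: ""
      default_single_value_type: "NULL"
      default_multi_value: ""
      default_multi_value_type: "NULL"
    status_code: [200, 201]
  when:
    - "'geoip-lookup' not in existing_table_names"
    - "'geoip-adapter' in adapter_id_map"
    - "'geoip-cache' in cache_id_map"
  no_log: true
  tags: [graylog-config, lookup-tables]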